Thomas Jansen wrote: Hi, have you tried manual keying with setkey? http://www.ipsec-howto.org/x304.html http://lartc.org/howto/lartc.ipsec.html Here's a script from BEET testing with "ip" tool: http://infrahip.hiit.fi/old/run-ipsec.sh I wonder if Joakim has a later version of the tool?
On Tue, Sep 08, 2009 at 01:44:23PM +0300, Miika Komu wrote:does even tunnel mode work?No, that doesn't work either. setkey output is still the same, except for the mode, which is listed as "tunnel", rather than "3" (with BEET mode). Tunnel mode: $ setkey -D192.168.5.56 192.168.5.1 esp mode=tunnel spi=0(0x00000000) reqid=0(0x00000000) seq=0x00000000 replay=0 flags=0x00000000 state=larval created: Jan 1 04:22:52 1970 current: Jan 1 04:22:57 1970diff: 5(s) hard: 30(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1254 refcnt=0 BEET mode: $ setkey -D 192.168.5.56 192.168.5.1 esp mode=3 spi=0(0x00000000) reqid=0(0x00000000) seq=0x00000000 replay=0 flags=0x00000000 state=larval created: Jan 1 04:12:24 1970 current: Jan 1 04:12:32 1970 diff: 8(s) hard: 30(s) soft: 0(s) last: hard: 0(s) soft: 0(s) current: 0(bytes) hard: 0(bytes) soft: 0(bytes) allocated: 0 hard: 0 soft: 0 sadb_seq=0 pid=1228 refcnt=0